Two WAN interfaces: the primary is PPPoE, the secondary will link to a GigE port on another router (a 100Mbps link will suffice);

Two (ideally four) GigE LAN ports;

No requirement for a firewall;

No requirement for Wi-Fi;

Inexpensive.

The plan for the two WAN interfaces is as follows. All outbound traffic will go to the primary, with exceptions based on destination IP/subnet or possibly on src+dest IPs/subnets. Such exceptions should be routed to the secondary. It would be very nice if, should the primary go down, the secondary would automatically take over for all outbound traffic.

I am reasonably sure that I can put something together based on dd-wrt. However, I'd like to hear from you what alternatives are out there (especially something easier to set up for my use case, even if it means paying more for the hardware.)

(+1) I haven't come across Mikrotik devices, but they look very interesting indeed. Thanks for the pointer.
–
NPEFeb 1 '11 at 17:10

The really funny thing is that they scale. You can run them on x86 hardware (routeros) and even the one you buy from them can handle 1gbit links as small data room internet backbone for a LOW price. Unless yuo scale quite high they are pretty much "handling your whole public needs".
–
TomTomFeb 1 '11 at 17:18

I've had a lot of success with OpenWRT on TL-WR1043ND boxes lately. They're cheap (< $50), low power(<10 Watts), gigabit ethernet etc. and then you can do whatever you like with it once it's installed, including splitting the switch into VLANs to suit your needs.

With inexpensive being a requirement, I would check out pfSense. It's a free open source router that is very robust and scalable with the company. I use it exclusively when cost is an issue, it's just so versatile and stable (last reboot was a 6mo. ago for maintenance).

One of the features is WAN load balancing with failover, you can pull bandwidth from both your PPoE, and your 2nd WAN line, and if one drops it still runs on the other. My book mentions policy routing which is like a firewall rule, but with a gateway field, it looks like you can get even finer control than just IP/Subnet. It does not mention limiting it to just one WAN but I would imagine it's very possible. If you do end up trying it, I would ask this on the pfSense forum (great resource if you run pfSense).

Is your 2nd WAN also PPoE? pfSense 1.2 does not support multiple PPoE connections, but version 2.0 does.

Also The built in firewall can be disabled if you already have a firewall solution.

I would try it out on a spare machine or the VMware appliance to see how it works for your setup.